Getting Prepared » For businesses
Approximately 50% of companies fail following a major disaster affecting their business. The key to staying alive is to develop an effective contingency plan and implementing it correctly.
"We'll survive, we always have", "I am too busy making money", "I haven't the time, skill or resources", "I don't need it in my business".
These are just some of the responses to suggestions that companies plan for a major disaster. They are understandable, but they are a recipe for bankruptcy. Some recent press comments are also of particular interest:
"Contingency planning is the safety net of risk management", and "any public utility providing an essential service .... must have a well tested business contingency plan that is able to cope with any catastrophe and maintain continuity of supply".
Statistics vary, but they suggest that, following a major disaster, approximately 50% of businesses fail to survive. Why? Simply, their customers desert them. Customer loyalty is very fragile. It takes years to develop but can be lost overnight. It makes sense to have a fall back position. From the perspective of any manager or CEO who want to maintain a functioning operation, to the board who could face shareholder/ stakeholder litigation, advance planning is the key. There are many cogent reasons why disaster management should form part of any organisation's business plan. How to go about putting in place a disaster recovery plan is straightforward. The implementation can, however, be complex.
Firstly, it is necessary to establish just what is a disaster to the organisation. There are the obviously man-made and natural perils such as fire, earthquake, flood and the like, but don't forget loss of reputation (a major risk to most organisations), loss of Information Technology and computerised processing functions (example - the millennium bug problem had a very real disaster potential), adverse exposure to contracts with penalty causes, legal and regulatory risk. Think laterally with particular emphasis on marketing and ability to service clients.
Some of the terminology can at first glance seem somewhat bewildering. Organisations are being bombarded with the need for an emergency response plan, a contingency plan, a disaster recovery plan, and a business continuity plan.
No matter what you call it, the need is to have a pre-agreed plan to aid an organisation to work through any predetermined foreseeable 'contingency' and to survive.
The overall objectives of the plan will essentially be as follows. (Obviously the detail will depend on the type of organisation, whether it be manufacturing, a service organisation, a government etc.)
Try and keep things as straightforward as possible and think of the overall plan as the contingency plan (CP).
Within the contingency plan, there will generally be three distinct stages of planning which need to be considered. These phases will each be time-dependent. The initial response (emergency response) may cover a timeframe up to about the first 24 hours. Thereafter, there will be the need to 'hold it together' or business continuity, which could extend from a day to several weeks followed by the return to normal operations over a period of weeks or even months.
In some organisations it may be relevant to develop an overall 'umbrella plan' ie, the big picture plan, within which more detailed divisional/departmental plans can be developed. However, both the umbrella and divisional/departmental plans should generally follow the above approach, with the restoration objectives being established under each phase. It may work like this.
The restoration objectives in terms of the business should have been clearly identified for each phase as part of the business impact analysis.
Objectives: To secure hazardous conditions; establish the control organisation; provide initial status report. Phase 1 is likely to extend for the first 24 hours or so.
Objectives: To effect minimum operational status; to review phase 1; to initially prepare for phase 3. Phase 2 is likely to extend for up to two weeks.
Objectives: To provide an orderly programme for full operational restoration. Phase 3 may extend for six months or more.
Click these links for further information on business contingency planning.
Ministry of Civil Defence and Emergency Management
Ministry of Economic Development
Risk Management Standard - AS/NZS 4360:1999 www.mcdem.govt.nz